package com.xx.config;

import com.xx.config.security.CustomAuthenticationEntryPoint;
import com.xx.config.security.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity //自动应用默认的安全配置
public class SecurityConfig {

    //未认证异常
    @Autowired
    CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
    @Autowired
    JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
    @Bean
    public SecurityFilterChain filterChain (HttpSecurity http) throws Exception{
        http
                //基本配置
                .csrf(csrf -> csrf.disable()) //CSRF保护被禁用
                .cors(cors ->cors.disable()); //CORS保护被禁用 这允许任何来源的跨域请求

        //会话配置
        //STATELESS  Spring Security永远不会创建HttpSession
        http.sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        //请求授权
        http.authorizeHttpRequests(auth -> {
            auth.requestMatchers(  "/user/login",
                    "/user/register",
                    "/static/**",
                    "/webjars/**",
                    "favicon.ico",
                    "/js/**",
                    "/css/**",
                    "/img/**",
                    "/index.html",
                    "/swagger-resources/**",
                    "/doc.html/**",
                    "/swagger-ui/**",
                    "/v3/api-docs/**").permitAll().anyRequest().authenticated();


        });
        //4. // 异常处理
        http
                .exceptionHandling(exceptions -> exceptions
                        //认证异常
                        .authenticationEntryPoint(customAuthenticationEntryPoint)
                );
        //5.配置过滤器，在UsernamePasswordAuthenticationFilter之前
        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    //认证管理器
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
    throws Exception{
        return configuration.getAuthenticationManager();
    }
    //指定加密方式
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}
